Application extensions provide a convenient way to provide additional capability to an application or to modify existing capability of an application. However, application extensions are often limited in functionality and typically utilize an accompanying local application to provide additional features or capabilities. Communication between an extension and its accompanying application can provide an avenue for attacks. Examples of such attacks can include attacks from different devices than the device running the application and application extensions, attacks by a malicious extension that is controlled by a legitimate application, and attacks by a legitimate extension controlled by an unauthorized user.